Toyota warns data breach may have exposed customer financial information

toyota logo
(Image credit: / Bjoern Wylezich)

Weeks after Toyota confirmed a ransomware attack affecting Toyota Financial Services Europe & Africa, the Japanese automaker has now confirmed that customer data may well have been exposed.

At the time, Medusa Ransomware, the group behind the attack, claimed to have stolen financial documents, spreadsheets, purchase invoices, hashed account passwords, cleartext user IDs and passwords, agreements, passport scans, internal organization charts, financial performance reports, staff email addresses, and more.

Now, the company has been informing customers that their data has been affected, with letters being sent to some German customers.

Toyota ransomware attack breached personal data

At the time, Toyota Financial Services was told that it could cough up $8 million to have the ransomware group delete the stolen files, or extend this deadline for the sum of $10,000 per day.

It now appears that Toyota did not give in to the group’s demands, and customer data has since been spotted for sale on Medusa’s website.

A letter to German customers (translated to English using Google Translate) seen by German news outlet Heise reads: “According to the current status of the investigation, your last name, first name, the postcode of your place of residence and possibly other contact information… are affected.”

Other data may include financial details, including contract amount and IBAN. Should Toyota’s investigation, which is still underway with a “leading” cybersecurity company, reveal any more high-risk data that has been leaked, the company promises to issue further notices.

Heise also noted that customer payments and vehicle deliveries saw a service interruption as a result of the attack, but that services were being restored from December 1.

A Toyota spokesperson told TechRadar Pro in an email that Toyota Financial Services is "working closely with law enforcement" and that the investigation is still ongoing, but for now, the company believes that only German customer data was affected. German customers have been informed "in line with all legal and data protection requirements."

Toyota declined to comment on whether it had paid the ransom fee.

More from TechRadar Pro

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!